Chapter 18. Managing Access Control


This chapter describes how you use Access Control Instructions (ACI) in Red Hat Directory Server to manage access to entries.

18.1. Access Control Principles

When Directory Server receives a request, it uses the authentication information provided by the user in the bind operation and the ACIs defined in the directory to allow or deny access to the requested entry or attribute. The server can allow or deny permissions for actions, such as read, write, search, and compare. The permission level granted to a user depends on the authentication information provided.
Access control in Directory Server enables you to set precise rules on when the ACIs are applicable:
  • For the entire directory, a subtree, or specific entries
  • For a specific user, all users belonging to a specific group or role, or all users in the directory
  • For a specific location, such as an IP address, an IP range, or a DNS name.
    Note that load balancers can affect location-specific rules.

Important

Complex ACIs are difficult to read and understand. Instead of one complex ACI, you can write multiple simple rules to achieve the same effect. However, a higher number of ACIs also increases the costs of ACI processing.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.